- Bug
- Resolution: Unresolved
- Undefined
- CentOS Stream 9
- None
- tpm2-tools-5.2-6.el9
- No
- Moderate
- 1
- rhel-kernel-security
- ssg_core_kernel
- 9
- 15
- 1
- Dev ack
- False
- False
- None
- CK-April-2025
- Pass
- RegressionOnly
- Release Note Not Required
- Unspecified
- Unspecified
- Unspecified
- None
What were you trying to do that didn't work?
I'd like to request a backport of https://github.com/tpm2-software/tpm2-tools/commit/576a31bcc910da517067b29667f45fbe78e812e0 in tpm2-tools to fix a bug in the PCR calculation logic in tpm2_eventlog. Alternatively, rebasing tpm2-tools to the latest version (5.7) would also work.
What is the impact of this issue to you?
tpm2_eventlog reads the UEFI TPM eventlog, and uses it to calculate the PCR values we expect the TPM to contain. If they match then we know we can use the information in the eventlog to validate we see the expected events. This commit fixes an error where the PCR calculation fails to take into account the startup details of the TPM, resulting in incorrectly calculating the expected value for PCR0.
Please provide the package NVR for which the bug is seen:
tpm2-tools-5.2-4.el9.x86_64
How reproducible is this bug?:
always
Steps to reproduce
- run tpm2_eventlog
- observe the PCR0 value
Expected results
the PCR0 value is correct
Actual results
the PCR0 value is wrong
- links to
- RHBA-2025:148798 tpm2-tools update
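An added illustration of the PCR0 replay described in the report (not code from tpm2-tools or from the reporter). It assumes the "startup details" are the StartupLocality EV_NO_ACTION event from the TCG PC Client Platform Firmware Profile, which sets the last byte of PCR0's initial value to the startup locality; the event tuples and digests are constructed sample data.

```python
import hashlib

EV_POST_CODE, EV_NO_ACTION, EV_S_CRTM_VERSION = 0x01, 0x03, 0x08
STARTUP_SIG = b"StartupLocality\x00"  # 16-byte signature (TCG PC Client spec)

def startup_locality(events):
    """Return the locality recorded by a StartupLocality event, else 0."""
    for pcr, etype, _digest, data in events:
        if (pcr == 0 and etype == EV_NO_ACTION
                and len(data) == 17 and data[:16] == STARTUP_SIG):
            return data[16]
    return 0

def replay_pcr0(events, honor_startup=True, alg="sha256"):
    """Recompute PCR0 from (pcr, event_type, digest, event_data) tuples."""
    size = hashlib.new(alg).digest_size
    locality = startup_locality(events) if honor_startup else 0
    value = bytes(size - 1) + bytes([locality])  # initial value, last byte = locality
    for pcr, etype, digest, _data in events:
        if pcr != 0 or etype == EV_NO_ACTION:
            continue  # EV_NO_ACTION is informational and is never extended
        value = hashlib.new(alg, value + digest).digest()  # PCR extend
    return value

def sample_log():
    """Constructed event log: TPM started at locality 3, two PCR0 measurements."""
    d = lambda b: hashlib.sha256(b).digest()
    return [
        (0, EV_NO_ACTION, bytes(32), STARTUP_SIG + b"\x03"),
        (0, EV_S_CRTM_VERSION, d(b"constructed crtm version"), b""),
        (0, EV_POST_CODE, d(b"constructed firmware blob"), b""),
        (7, EV_POST_CODE, d(b"constructed event for another pcr"), b""),
    ]

if __name__ == "__main__":
    log = sample_log()
    # The two results differ: only the locality-aware replay can match the TPM.
    print("locality-aware  :", replay_pcr0(log).hex())
    print("zero-initialised:", replay_pcr0(log, honor_startup=False).hex())
```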